files/en-us/web/api/subtlecrypto/exportkey/index.md
{{APIRef("Web Crypto API")}}{{SecureContext_header}}{{AvailableInWorkers}}
The exportKey() method of the {{domxref("SubtleCrypto")}}
interface exports a key: that is, it takes as input a {{domxref("CryptoKey")}} object
and gives you the key in an external, portable format.
To export a key, the key must have {{domxref("CryptoKey.extractable")}} set to
true.
Keys can be exported in several formats: see Supported formats in the
SubtleCrypto.importKey()
page for details.
Keys are not exported in an encrypted format: to encrypt keys when exporting them use
the
SubtleCrypto.wrapKey()
API instead.
exportKey(format, key)
format
raw: Raw format.pkcs8: PKCS #8 format.spki: SubjectPublicKeyInfo format.jwk: JSON Web Key format.key
A Promise.
format was jwk, then the promise fulfills
with a JSON object containing the key.ArrayBuffer
containing the key.The promise is rejected when one of the following exceptions is encountered:
InvalidAccessError {{domxref("DOMException")}}
NotSupported {{domxref("DOMException")}}
[!NOTE] You can try the working examples out on GitHub.
This example exports an AES key as an ArrayBuffer containing the bytes for
the key. See the complete code on GitHub.
/*
Export the given key and write it into the "exported-key" space.
*/
async function exportCryptoKey(key) {
const exported = await window.crypto.subtle.exportKey("raw", key);
const exportedKeyBuffer = new Uint8Array(exported);
const exportKeyOutput = document.querySelector(".exported-key");
exportKeyOutput.textContent = `[${exportedKeyBuffer}]`;
}
/*
Generate an encrypt/decrypt secret key,
then set up an event listener on the "Export" button.
*/
window.crypto.subtle
.generateKey(
{
name: "AES-GCM",
length: 256,
},
true,
["encrypt", "decrypt"],
)
.then((key) => {
const exportButton = document.querySelector(".raw");
exportButton.addEventListener("click", () => {
exportCryptoKey(key);
});
});
This example exports an RSA private signing key as a PKCS #8 object. The exported key is then PEM-encoded. See the complete code on GitHub.
/*
Convert an ArrayBuffer into a string
from https://developer.chrome.com/blog/how-to-convert-arraybuffer-to-and-from-string/
*/
function ab2str(buf) {
return String.fromCharCode.apply(null, new Uint8Array(buf));
}
/*
Export the given key and write it into the "exported-key" space.
*/
async function exportCryptoKey(key) {
const exported = await window.crypto.subtle.exportKey("pkcs8", key);
const exportedAsString = ab2str(exported);
const exportedAsBase64 = window.btoa(exportedAsString);
const pemExported = `-----BEGIN PRIVATE KEY-----\n${exportedAsBase64}\n-----END PRIVATE KEY-----`;
const exportKeyOutput = document.querySelector(".exported-key");
exportKeyOutput.textContent = pemExported;
}
/*
Generate a sign/verify key pair,
then set up an event listener on the "Export" button.
*/
window.crypto.subtle
.generateKey(
{
name: "RSA-PSS",
// Consider using a 4096-bit key for systems that require long-term security
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256",
},
true,
["sign", "verify"],
)
.then((keyPair) => {
const exportButton = document.querySelector(".pkcs8");
exportButton.addEventListener("click", () => {
exportCryptoKey(keyPair.privateKey);
});
});
This example exports an RSA public encryption key as a PEM-encoded SubjectPublicKeyInfo object. See the complete code on GitHub.
/*
Convert an ArrayBuffer into a string
from https://developer.chrome.com/blog/how-to-convert-arraybuffer-to-and-from-string/
*/
function ab2str(buf) {
return String.fromCharCode.apply(null, new Uint8Array(buf));
}
/*
Export the given key and write it into the "exported-key" space.
*/
async function exportCryptoKey(key) {
const exported = await window.crypto.subtle.exportKey("spki", key);
const exportedAsString = ab2str(exported);
const exportedAsBase64 = window.btoa(exportedAsString);
const pemExported = `-----BEGIN PUBLIC KEY-----\n${exportedAsBase64}\n-----END PUBLIC KEY-----`;
const exportKeyOutput = document.querySelector(".exported-key");
exportKeyOutput.textContent = pemExported;
}
/*
Generate an encrypt/decrypt key pair,
then set up an event listener on the "Export" button.
*/
window.crypto.subtle
.generateKey(
{
name: "RSA-OAEP",
// Consider using a 4096-bit key for systems that require long-term security
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256",
},
true,
["encrypt", "decrypt"],
)
.then((keyPair) => {
const exportButton = document.querySelector(".spki");
exportButton.addEventListener("click", () => {
exportCryptoKey(keyPair.publicKey);
});
});
This example exports an ECDSA private signing key as a JSON Web Key object. See the complete code on GitHub.
/*
Export the given key and write it into the "exported-key" space.
*/
async function exportCryptoKey(key) {
const exported = await window.crypto.subtle.exportKey("jwk", key);
const exportKeyOutput = document.querySelector(".exported-key");
exportKeyOutput.textContent = JSON.stringify(exported, null, " ");
}
/*
Generate a sign/verify key pair,
then set up an event listener on the "Export" button.
*/
window.crypto.subtle
.generateKey(
{
name: "ECDSA",
namedCurve: "P-384",
},
true,
["sign", "verify"],
)
.then((keyPair) => {
const exportButton = document.querySelector(".jwk");
exportButton.addEventListener("click", () => {
exportCryptoKey(keyPair.privateKey);
});
});
{{Specifications}}
{{Compat}}